Module 4: Other key issues to be addressed in creating an enabling legal and regulatory framework to encourage internet use for business development

A holistic legal, regulatory and policy framework is a critical part of the fully enabling environment that governments should seek to create. This module provides brief overviews and examples of other key issues that can also be considered and explored as governments move to truly encourage internet use for business development, especially by SMEs.

I. Promoting competition

The elimination of barriers to entry, and the introduction of competition in the ICT sector, will generally provide benefits not only to ICT-related SMEs, but to all SMEs in general.

It is, to be sure, not a simple matter to introduce competition, especially in the telecommunications market.

In most instances, dominant carriers can use their superior position to engage in unfair methods of competition that deter (or are likely to deter) new entry into the market, or restrict (or are likely to restrict) existing competition in the market, for reasons unrelated to the availability, price and quality of service that operators offer or seek to offer. Moreover, it is important to note that even in markets where a single major supplier does not exist, two or more suppliers could cooperate to engage in anti-competitive practices.

For example, a major supplier which provides essential inputs to its competitors can take advantage of its dominant market position by engaging in anti-competitive cross-subsidization – shifting costs from its competitive activities to its non-competitive activities (the operation of essential facilities), or obtaining products and services from its non-competitive arm on advantageous terms and conditions.

Another common example is when a major supplier is in a position of dominance over other suppliers in interconnection negotiations. Competition goals are often frustrated when dominant players refuse or make it difficult for new entrants to interconnect and effectively offer competing services to the public.

The two anti-competitive practices below are also common:

Price Squeezes

A price squeeze happens when a major vertically integrated supplier sells inputs to its downstream competitors at a price so high, relative to its own retail price, that they cannot be expected to compete profitably in the same retail market. It can occur when operators with market power control certain activities that are key inputs for competitors in downstream markets and where those same key inputs are used by such operators or their affiliates to compete in the same downstream market.

Predatory Pricing

Predatory pricing occurs when the major supplier sells services below marginal cost to drive competitors away and prevent new ones from entering the market, and then subsequently, increases prices to re-coup the amount lost during the price cut.

A policy choice to promote competition therefore requires both the political will and clear mandate, and technical capability to monitor – and enforce – compliance with competition rules.

Do you agree that the promotion of free and effective competition is of critical importance? Are there other goals that are more important, and that should take precedence over the promotion of competition?

II. Bridging the digital divide

“The digital divide” refers to the gap between those with regular, effective access to digital technologies and those without. The digital divide results from the socio-economic differences between communities that in turn affect their access to digital information – mainly but not exclusively through the Internet.

The presence of a digital divide, particularly between rural communities and urban centres, directly affects the ability of SMEs to reach and compete in the larger domestic and even global markets.

The digital divide is also an example of a problem that likely requires more from the government than other ICT-related concerns, which can be left more to the private sector.

In many instances, market mechanisms alone will not suffice to ensure widespread individual access to the network, since much of the population often lacks the income required to obtain the services or they are otherwise located far from places where private sector investment is present. A digital divide exists in these areas precisely because the market is too small or insignificant for private sector players to consider. Low-income and rural communities are increasingly left behind, which in turn limits the ability of SMEs in these areas to use the Internet for business development.

Beyond the moral duty of governments of bridging this gap, however, it should also be pointed out that numerous examples exist of the Internet being used by SMEs in rural and unserved areas – leading not only to better lives and opportunities in these places and for these people, but also contributing to overall socio-economic development.

• Internet access will enable SMEs and entrepreneurs to use e-mail and VoIP to coordinate directly with buyers of local goods and products in the cities, effectively bypassing middlemen and earning a greater share of the revenues.
• Numerous websites allow local artisans to sell directly to the mature markets in the developed countries where their products are likely to fetch higher prices. Examples abound from for-profit sites like Novica.com (which is a partner of National Geographic) to non-profit marketplaces like PEOPLink
• The Internet also helps to level the playing field for SMEs in remote areas by providing them with key information and ideas on market prices, opportunities and trends.

Therefore, bridging the digital divide – or, putting it in another way, providing rural communities with access to information and communications technology (especially the Internet) – is therefore an important policy goal to the extent that it assists SMEs in these areas to grow. From a broader viewpoint, it helps enterprises to make a more meaningful contribution to overall countryside development.

A. Key Policy Considerations

• What are possible policy options for providing connectivity to rural and remote communities?
  • Competition policy;
  • Universal Access Fund and other related schemes;
  • CD-based applications.
• Ease of access to the Internet is a fundamental aspect, but it is not the sole factor. Effective access also depends on the ability to use ICT effectively, and on the quality of digital content that is available and can be provided. Once an appropriate level of access is achieved, the individual, community or SME then requires an education that includes literacy and technological skills to make effective use of it. What programmes need to be in place in terms of relevant education and training? How can these be effectively funded, made sustainable and documented?
• The availability of broadband connections may affect SMEs’ decisions to adopt e-commerce. Broadband’s faster speeds improve overall online experiences for both individuals and businesses, encouraging them to explore more applications and spend more time online. In contrast, slow internet connections and data transfers discourage SME adoption of the Internet.

III. Protecting the consumer

For e-commerce to take off, consumer trust in online businesses is essential. Without the confident e-consumer, there can be no e-commerce. Thus it is imperative to ensure that the online traders observe specific rules and guidelines to allay the fears of the consumer and promote ethical online transactions.

A. What Are the Main Concerns of Consumers with Regard to Online Transactions?

The primary concerns for the consumer that would need to be addressed by SMEs and by the broader legal and policy framework include:

• The consumer’s exposure to unfair marketing practices;

• Insufficient information disclosure; for example, refund policies, cancellation terms, warranty information;

• Contract terms; for example, their enforceability;

• Merchandise and delivery practices; for example, failure to perform and lateness;

• Payment; for example, recovering fraudulent charges if credit card information falls into criminal hands;

• Transaction confirmation and cancellation policies; for example, the consumer’s lack of knowledge on cancellation rights for online transactions, including for mistakenly made purchases;

• Fraud and deception: for example, lack of means to authenticate merchandise purchased online;

• Unsafe products;

• Insecure payment methods;

• Loss of personal privacy and protection of confidential data;

• Risk misuse of personal information;

• Other concerns include computer fraud, hacking, virus, interception and alteration of financial data, and misuse of personal information.

B. General Principles for Protecting Consumers Online

The OECD’s Guidelines for Consumer Protection in the Context of Electronic Commerce was approved back in December 1999 and is designed to help ensure that consumers are no less protected when shopping online than they are when they buy from their local store or order from a catalogue. The guidelines establish the core characteristics of effective consumer protection for online business-to-consumer transactions, thereby eliminating some of the uncertainties that both consumers and businesses encounter when buying and selling online.

The guidelines feature eight categories of general principles:

Transparent and Effective Protection

Consumers who participate in electronic commerce should be afforded transparent and effective consumer protection that is not less than the level of protection afforded in other forms of commerce.

Fair Business, Advertising and Marketing Practices

Businesses engaged in electronic commerce should pay due regard to the interests of consumers and act in accordance with fair business, advertising and marketing practices.

Online Disclosures

Clear and obvious disclosures should be available for consumers.

Confirmation Process

To avoid ambiguity concerning the consumer’s intent to make a purchase, the consumer should be able, before concluding the purchase, to identify precisely the goods or services he or she wishes to buy; identify and correct any errors or modify the order; express an informed and deliberate consent to the purchase; and retain a complete and accurate record of the transaction.

Payment

Consumers should be provided with easy-to-use, secure payment mechanisms and information on the level of security such mechanisms afford.

Dispute Resolution

Consumers should be provided meaningful access to fair and timely alternative dispute resolution and redress without undue cost or burden.

Privacy

Business-to-consumer electronic commerce should be conducted in a manner that provides appropriate and effective protection for consumers’ privacy.

Education and Awareness

Governments, business and consumer representatives should work together to educate consumers about electronic commerce, to foster informed decision-making by consumers participating in electronic commerce and to increase business and consumer awareness of the consumer protection framework that applies to their online activities.

IV. Promoting public-private partnerships

Authentic partnership with the private sector is the key to developing effective e-business policies for SMEs.

In public-private partnerships, there is a recognition that the government’s primary role in ICT development is to provide an enabling policy, legal and regulatory environment that levels the playing field and allows the private sector to take the lead.

Therefore, while public authorities play a crucial role in promoting the adoption of the Internet for business purposes, it is important to note that ultimately, the private sector is better positioned and qualified to undertake implementations.

Initiatives and projects to develop the ICT sector will have a higher chance of success and sustainability if these are market-led, rather than government-led. The private sector should provide leadership through investments, capitals and other resources.

Market forces alone, however, cannot guarantee the full development of an inclusive Information Society. As noted previously, for example, the objective of ensuring free and fair competition may be thwarted by large or dominant players in the market. Programmes to promote access to ICT, particularly in rural and remote areas, may fail if the private sector does not feel ready or inclined to invest in places where there is little profit to be made.

The government, therefore, must remain vigilant in its role of verifying that, at any time, implementation is proceeding consistently with its policy objectives. As an enabler, its involvement in the markets should be predictable, developmental, transparent and efficient. Regulation, where necessary, should promote a level playing field and should not hinder companies from competing in free and fair markets. It is equally critical to ensure that public-private partnerships should not compromise the independence and impartiality of the public authorities.

It is therefore important that the partners – both private and public – are in agreement, or at least are aware, of the overall goals of government and its ICT programmes, and that there is a good understanding of their respective roles.

V. Earning global confidence

A. Privacy and Data Protection

In information economies, the task of protecting data is of paramount importance. While secure storage and transparent use are important for many categories of public information, managing personal data also involves important issues of privacy.

There is therefore a need to strike a balance between privacy and the various needs to transmit personal data.

Indeed, the transmission of such data is fundamental to the conduct of e-business, but it needs a great deal of trust and confidence.

Note that with the growth of computing, the expanded use of the Internet and the rapid development of new technologies, there is also an increased potential for violations of online privacy. Therefore, some form of legal protection of privacy is important for generating trust in e-commerce.

Furthermore, beyond generating trust, developing countries who wish to participate in the global information economy, will increasingly need to consider laws that protect personal data in order to even have a chance at helping to facilitate the flow of information from developed to developing countries. Note that in European jurisdictions, for example, it is forbidden to transfer data to a jurisdiction that does not provide adequate protection for personal data.

B. Guidelines on the Protection of Privacy and Trans-border Flows of Personal Data

The OECD privacy guidelines were created in 1980, well before the Internet boom and the emergence of e-commerce. Although more than 20 years old, the principles found in the guidelines continue to serve as the basis for most privacy initiatives worldwide.

The guidelines feature eight privacy principles:

Collection Limitation Principle

There should be limits to the collection of personal data. Such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.

Data Quality Principle

Personal data should be relevant to the purposes for which they are to be used. To the extent necessary for those purposes, data should be accurate, complete and kept up-to-date.

Purpose Specification Principle

The purposes for which personal data are collected should be specified no later than the time of data collection. The subsequent use should be limited to the fulfilment of those purposes or such others as are not incompatible with those purposes and as are specified at each occasion of change of purpose.

Use Limitation Principle

Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with the data quality principle except with the consent of the data subject; or by authority of law.

Security Safeguards Principle

Personal data should be protected by reasonable security safeguards against risks such as loss or unauthorized access, destruction, use, modification or disclosure of data.

Openness Principle

There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available for establishing the existence and nature of personal data, the main purposes of their use, as well as the identity and usual residence of the data controller.

Individual Participation Principle

An individual should have the right to obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him or her. An individual should have the right to receive that data and to challenge it if incorrect.

Accountability Principle

A data controller should be accountable for complying with measures that give effect to the principles stated above.

What other interests need to be balanced against the need to protect private data?

C. Intellectual Property Rights

Public policy on intellectual property rights poses an interesting challenge to governments, especially in developing countries, given the rapid developments in technology.

Today, however, technology is complicating this process and undermining many of the mechanisms that governed the system in the past. This trend is likely to continue; today’s technologies are the beginning, not the end, of the information revolution. Computers, two-way interactive cable, fibre optics, optical disks, communications satellites, and other devices are becoming steadily more sophisticated and powerful; and their uses are expanding almost daily. The greatest impact, however, will come not from single technologies, but rather from their use in combination.

These new information and communications technologies are challenging the intellectual property system in ways that may only be resolvable with substantial changes in the system or with new mechanisms to allocate both rights and rewards. Once a relatively slow and ponderous process, technological change is now outpacing the legal structure that governs the system, and is creating pressures on the United States Congress to adjust the law to accommodate these changes. The pressures are coming from a number of different parties, and they are motivated by a wide range of concerns:

• Authors, publishers, film makers, and producers; representatives of the recording industry; and other copyright holders whose works can be delivered electronically: This group is concerned that technologies such as tape recorders, videocassette recorders and compact discs are so widely used that they undermine their ability to enforce their copyrights. They are calling on Congress to adopt stronger enforcement measures. Alternatively, some group members would like Congress to provide new ways to protect their incomes, such as imposing taxes or royalties on blank tapes.
• Designers and producers of computer software and other functional works that do not fit comfortably into existing categories of intellectual property law: This group is concerned that, given the uncertainties in the law, their works will be inadequately protected. They are calling for more explicit and extensive protection under new or existing laws.
• Database producers, information analysts, and others who package existing information for specific uses: This group opposes restrictions on the use and re-use of copyrighted materials. They also want incentives to be reallocated so that they receive a greater financial return for the value that they add to information by analyzing, reorganizing and packaging it.
• Manufacturers of equipment capable of copying, reproducing or recording (paper copiers, satellite antennas, videocassette recorders, audio tapes, and blank CDs and DVDs): Members of this group oppose the imposition of taxes or royalties on tapes and any other actions that might increase the cost of their products to the consumer, or that make them less convenient to use. They claim that they aid copyright holders by creating new markets for products and so should not be penalized by having taxes imposed.
• Educators and scientists: Members of this group generally oppose extensions of the law, arguing that such extensions would make the resources and materials they need to do their work prohibitively expensive. Some members of this group seek to exempt educational uses from the law. Others are calling for licensing agreements that would allow them to use copyrighted materials at reduced rates.<
• The general public: Many people are becoming increasingly accustomed to having new technology available at low cost to use as they please in their homes and offices. They want assurance that they can continue to copy films, records, and other information for their private use.
• For SMEs, the interests could be conflicting: On the one hand, human innovation and creativity has increasingly led to the introduction of new products, brands and creative designs in the market. Small and medium-sized enterprises (SMEs) are often the driving force behind such innovations, and intellectual property rights help them to enjoy fuller benefits from their creativity. Adequate protection of the SME's intellectual property is a crucial step in deterring potential infringement and in turning ideas into business assets with a real market value. On the other hand, SMEs, especially in developing countries, may have far greater interest in having access to useful technologies and applications, but may not be able to afford them. Note, too, that some argue that an inappropriately strong intellectual property rights system increases the costs of access to many products and technologies (particularly in health, agriculture, education and information technologies) that developing countries (and SMEs) need.

D. Capabilities and Challenges Posed by the New Technologies

To understand the legal and political pressures that new technologies place on the intellectual property system, one needs to understand their unique capabilities. A few examples convey the scope and pace of technological progress and the problems that it poses:

A problem of identifying authorship

A group of authors using personal computers connected by a telephone network can collaborate in writing an article, a piece of software or a database. This work can exist in various forms, in different places and can be modified by anyone having access to the network. This networking technology provides new opportunities to combine talents, resources and knowledge. In such a world where there are many authors of one work, worldwide collaboration and ever-changing materials, how are intellectual property rights to be allocated or awarded?

A problem of identifying infringements and enforcing rights

The increased communications capacity (in terms of speed, bandwidth, and distance) made possible by fibre optic technology, will allow computer users to rapidly transmit incredible amounts of information at a rate of 100 average-length pages in a second. These high-speed communications media, combined with large capacity optical disk storage technologies, will also pose enforcement problems for the intellectual property system. They allow individuals to trade vast quantities of copyrighted materials without the knowledge or permission of the copyright holders. With these technologies, the situation is no longer simply one of an individual trading or giving away a book to someone else; rather, it is one in which individuals can inexpensively and privately share the contents of an entire library.

A problem of private use

If a private citizen copies information – a film or record, for example – should this be considered an infringement of copyright? At present, the law gives little guidance in this area – nor, until recently, did it need to. Such private use was so limited it posed no threat to industry profits. Second, if it were decided that home copying infringed copyright, how could a ban against it be enforced? Since many people could be engaged in this kind of behaviour in the privacy of their own homes, their activities would be impossible to track.

A problem of derivative use

A major newspaper maintains its index on computer. A user of this index takes the information in it and analyses it for another client, giving him up-to-date, timely information that is precisely tailored to his needs. Using electronic technology, a research chemist can search all bibliographic data on a particular chemical in a matter of hours, instead of the weeks it once would have taken. An investor who must make a snap decision about whether to buy or sell can call up a constantly updated database; and use the information to pursue his profits.

The new information technologies, which allow for this kind of customized information on demand, are creating a wide range of new opportunities to expand the variety, scope and sophistication of information-based products and services.

In fact, a whole new industry has developed to provide these services; and it is now one of the fastest growing sectors in the economy. As the opportunities to create derivative works increase and as this sector comes to play a larger role in the economy, questions arise about what kinds of information can legally be used to create secondary information products. Under existing intellectual property law, copyright holders have the right to benefit from all subsequent works based on their original works. If interpreted broadly, it is possible, however, that this approach will inhibit the production and use of secondary materials.

A problem of meeting educational goals

The intellectual property system was originally designed to enhance learning and the useful arts. This goal is more difficult to meet today because of the increasing market value of intellectual properties.

The technologies provide numerous opportunities for educational use. However, because software development is often expensive, it is in the interest of the developer to concentrate on products for customers who can pay the most – businesses, not schools. The schools then have the choice of doing without software, diverting money from other equally needed educational materials, or developing their own software, since they cannot legally copy copyrighted works. The copyright problem in this situation is simple: Copyright, designed as a policy tool to enhance learning, fails to meet its goal.

A problem of integrity

Assisted by the computer, a film maker can create scenes that were never actually filmed, or take existing images and place them in entirely new contexts. These capabilities open new avenues for creativity. But at the same time, they may be used to misrepresent a work or undermine its integrity. An unscrupulous artist, for example, might use technology to distort a well-known piece of art for his own purposes or profit without the knowledge of the original artist.

In this electronic environment, creators may become as concerned about the integrity of their works as they are about their profits. To be effective, intellectual property law may need to take into account the problem of artistic integrity, as well as that of financial rewards.

An international problem

All of the capabilities and problems that characterize domestic use of the new technologies are equally prominent – sometimes more so – when they are used internationally. Satellite technology permits global communication, but it also beams in programming that nations may not want. Satellites collect valuable agricultural and environmental information about the developing world. But once it has been analyzed by a commercial company and copyrighted, it may be priced too high for developing countries to afford. A nation near the United States is able to pick up and unscramble satellite programming that viewers want – and do so without paying the fee charged by the company. Domestic companies have no way to monitor use or enforce their copyright claims. These problems are exacerbated by considerable disagreement among nations about intellectual property issues.

E. Cross-border Cooperation and Harmonization

Different countries will have different approaches to the challenge of policymaking in the policy areas discussed above. Given the “borderless” nature of the Internet, conflicting rules and regulations will only serve to hamper and discourage participation in e-commerce, especially by SMEs.

The following cases provide vivid illustrations on the need for cross-border cooperation and harmonization of laws and rules.

Privacy and Data Protection.

India has been extremely successful in developing an outsourcing industry, from basic data entry processing to more sophisticated services such as customer call centres and financial services. Indian businesses have attracted a wide range of Western companies to relocate various business processes to the subcontinent. However, concerns have recently been voiced in the European Parliament about the vulnerability of personal data being transferred under such outsourcing arrangements. Some view outsourcing as a process that effectively circumvents European safeguards. As a consequence, Indian companies are now pressuring their government to take regulatory action to forestall any adverse reaction from Europe.

To give another example, Ms Mugure Mugo, founder of PrecissPatrol, a Kenyan outsourcing enterprise dealing with IT services, has already received requests from European-based clients specifically wanting to know her company’s policy on the collection and security of collected data. Ms Mugo recognizes that the fact that Kenya does not have specific data protection laws may constitute a barrier to the development of the country’s e-business.

Intellectual Property Law.

With annual revenues of more than US$1 billion, Adobe is the second-largest PC software company in the United States. In an effort to lead the market for software that enables the digital distribution of books, Adobe developed the Adobe Acrobat eBook Reader which was designed as a “trusted system”, offering publishers a spectrum of copyright protection options when encoding their content.

Meanwhile, founded in 1990 and headquartered in Moscow, ElcomSoft is a software company that "specializes in producing Windows productivity and utility applications for businesses and individuals". Among the many software products developed by ElcomSoft is the "Advanced eBook Processor (AEBPR)", which used to be available for download from their site (but seems to now have been removed). The program enables users to (a) disable the copyright protection controls deployed by book publishers using Adobe's software and (b) repackage their digital books in a variety of common formats without copyright controls.

Dmitry Sklyarov is a young programmer and cryptographer formerly employed by ElcomSoft who has been researching cryptanalysis in furtherance of a Ph.D. he hopes to earn from a Moscow university. He is allegedly responsible for much of ElcomSoft's AEBPR, most notably, the decryption algorithms it employs to circumvent Adobe's copyright protection controls.

[Sklyarov] was invited to give a presentation at the DEF CON conference in Las Vegas about the electronic security research work he has performed as part of his Ph.D. research. His presentation concerned the weaknesses in Adobe's eBook technology software. Dmitry was arrested at his hotel in Las Vegas, on 16 July [2001,] as he was leaving to return to Russia.

In its 28 August 2001 press release, the United States Department of Justice (DOJ) reported:

The United States Attorney's Office for the Northern District of California announced that Elcom Ltd. (also known as Elcomsoft Co. Ltd.) and Dmitry Sklyarov, 27, both of Moscow, Russia, were indicted today by a federal grand jury in San Jose, California on five counts of copyright violations.

The defendants were each indicted on one count of conspiracy to traffic in technology primarily designed to circumvent, and marketed for use in circumventing, technology that protects a right of a copyright owner, in violation of Title 18, United States Code, Section 371; two counts of trafficking in technology primarily designed to circumvent technology that protects a right of a copyright owner, in violation of Title 17, United States Code, Section 1201(b)(1)(A); and two counts of trafficking in technology marketed for use in circumventing technology that protects a right of a copyright owner, in violation of Title 17, United States Code, Section 1201(b)(1)(C).

Sklyarov's arrest prompted outcries of outrage from software developers, civil libertarians and all who generally oppose the Digital Millennium Copyright Act (for ideological or "practical" reasons). He faced a maximum fine of $2.25 million and up to 25 years imprisonment. Not surprisingly, the DOJ promptly reached an agreement with Sklyarov, under the terms of which they have agreed not to prosecute him personally if he assists in their (criminal) prosecution of ElcomSoft.

On 17 December 2002, a federal jury acquitted ElcomSoft of all criminal charges against it and Sklyarov was released subject to a plea agreement.

This case is highly fact-specific and unlikely to be repeated. But it demonstrates the power and reach of copyright-related laws outside the geographic boundaries of a given jurisdiction, especially when a country like the United States demonstrates a willingness to extend its competence beyond state and national boundaries to enforce its intellectual property jurisprudence interpretation into other jurisdictions.

Cyber Crime.

Cyber crime presents one of the most complex and exigent circumstances for international cooperation. For example, an e-mail sent to a colleague across town may be routed via packet switching through China, Argentina and South Africa before reaching the recipient's inbox. Cyber criminals can intentionally "weave" their communications through several carriers and countries before attacking a network or system. Likewise, a cyber stalker can route his communication through several jurisdictions before reaching the victim. A child pornographer can hide his identity and route materials over networks of multiple countries before reaching the intended recipients. Someone can also commit a cyber crime against persons in several countries.

A cyber criminal does not have to leave his own home – or cross a national boundary – to commit an act in several countries around the globe. His communications may be routed through local phone companies, long distance carriers, Internet Service Providers and wireless and satellite networks and may go through computers located in several countries before attacking targeted systems around the globe. Evidence of the cyber crime may even be stored on a computer in a different country from where the criminal executed the act.

Law enforcement, however, is stopped at the borders of nation states and must go through proper legal channels to receive assistance in cyber crime investigations -- which is often dependent upon the skill levels of law enforcement in that country. Assistance is also dependent upon that country's legal system. Foreign assistance may be needed even if the act is local. Frequently, communications may pass through several countries; requiring law enforcement to seek international assistance just to find out the perpetrator is a local person.

Recent examples of the need for international cooperation and assistance include these:

• Officers in Wales, working in coordination with the Federal Bureau of Investigation (FBI), arrested two persons for intrusion into e-commerce sites and theft of information pertaining to 26,000 credit cards. Losses were estimated to be as high as US$3 million. In developing the case, the FBI worked closely with the Dyfed-Powys Police Service in Britain, the Royal Canadian Mounted Police in Canada, and private industry and involved seven FBI field offices, the United States Legal Attaché in London, and the National Infrastructure Protection Centre.
• A hacker in the United States recently pled guilty to illegally accessing computers belonging to the United States Postal Service, the State of Texas, the Canadian Department of Defence and a publishing company located in the state of Wisconsin. The conviction of the hacker was the result of a joint investigation involving the Texas Department of Public Safety, the Royal Canadian Mounted Police, the Canadian Forces National Investigative Service and the United States Postal Service Office of the Inspector General.

While it is important for developing countries to have cyber crime laws in place, it is equally important that countries have the legal authority to assist foreign countries in an investigation, even if the country at issue has not suffered any damage itself and is merely the location of the intruder or a pass-through site. "Inadequate regimes for international legal assistance and extradition can therefore, in effect, shield criminals from law enforcement: criminals can go unpunished in one country, while they thwart the efforts of other countries to protect their citizens" (American Bar Association 2002).

To conclude, and to repeat, there is no one set of policies that will be correct or appropriate for every nation. Best practices and experiences in other countries will surely help, but such lessons should be taken in the context of your nations’ respective social, political and economic environments. Ultimately, nations will have to choose the mix of policies that can best balance competing interests and goals.

Summary: module 4 in a nutshell

Promoting Competition

The elimination of barriers to entry, and the introduction of competition in the ICT sector will generally provide benefits not only to ICT-related SMEs, but to all SMEs in general.

Bridging the Digital Divide

The digital divide refers to the gap between those with regular, effective access to digital technologies and those without. The digital divide results from the socio-economic differences between communities that in turn affect their access to digital information – mainly but not exclusively through the internet.

The digital divide is an example of a problem that likely requires more from the government than from the private sector.

Bridging the digital divide is an important policy goal to the extent that it assists SMEs in remote and unserved areas to grow and contribute more meaningfully to overall countryside development.

Consumer Protection

The primary concerns for the consumer, which would need to be addressed by SMEs and by the broader legal and policy framework, include the following:

• Consumer’s exposure to unfair marketing practices;
• Insufficient information disclosure, for example, refund policies, cancellation terms, warranty information;
• Contract terms, for example, their enforceability;
• Merchandise and delivery practices, for example, failure to perform and lateness;
• Payment, for example, recovering fraudulent charges if credit card information falls into criminal hands;
• Transaction confirmation and cancellation policies, for example, consumer’s lack of knowledge on cancellation rights for online transactions, including for mistakenly made purchases;
• Fraud and deception, for example, lack means to authenticate merchandise purchased online;
• Unsafe products;
• Insecure payment methods;
• Loss of personal privacy and protection of confidential data;
• Risk misuse of personal information;
• Other concerns include computer fraud, hacking, virus, interception and alteration of financial data and misuse of personal information.

General principles for protecting consumers online:

• Transparent and effective protection;
• Fair business, advertising and marketing practices;
• Online disclosures;
• Confirmation process;
• Payment;
• Dispute resolution;
• Privacy;
• Education and awareness.

Privacy

Countries that wish to participate in the global information economy will increasingly need to consider laws that protect personal data to compete.

The European Union’s Data Protection Directive, enacted in 1995, requires member states to ensure that the transfer of personal data to non-European Union countries takes place only if the latter country provides an adequate level of privacy protection.

The OECD privacy guidelines feature eight privacy principles:

• Collection limitation principle;
• Data quality principle;
• Purposespecification principle;
• Use limitation principle;
• Security safeguards principle;
• Openness principle;
• Individual participation principle;
• Accountability principle.

Intellectual Property Rights

New ICTs are challenging the intellectual property system in ways that may only be resolvable with substantial changes in the system or with new mechanisms to allocate both rights and rewards. New ICTs, for example, create problems in certain areas:

• Identifying authorship;
• Identifying infringements and enforcing rights;
• Private use;
• Derivative use;
• Meeting educational goals;
• Integrity.

Cross-border Cooperation and Harmonization

Different countries have different approaches to the challenge of policymaking. Given the borderless nature of the Internet, conflicting rules and regulations only serve to hamper and discourage participation in e-commerce, especially by SMEs.

Additional information on other key issues to be addressed in creating an enabling legal and regulatory framework to encourage internet use for business development

Asia-Pacific Development Information Programme

Provides various resources on e-governance, ICT4D, ICT for SMEs, open source software, policy notes on ICT for SMEs. http://www.apdip.net/

Cyber Security and Cyber Crime

Information on news, cyber laws, cyber alert systems, vulnerability resources, attacks, policies, laws and statistics. Available online in the following websites: http://www.us-cert.gov/, http://www.staysafeonline.info/, https://www.csialliance.org/home/, http://www.cpi.seas.gwu.edu/, http://www.cyberpartnership.org/

Development Gateway (World Bank) portal

The website includes a wide variety of documents on ICT and development; e-commerce and development; e-commerce and arts and crafts; among others. http://www.developmentgateway.org/all-topics

Digital Dividend portal

A site offering innovative examples of SMEs using e-business techniques. The site also offers a clearinghouse to match investors/sponsors with prospective projects. http://www.digitaldividend.org/

Network World.

Provides information on VoIP and convergence, network security and solutions, SME networking, and white papers on convergence and internet policies. www.networkworld.com

Networkworld Partners

Includes solutions and alternatives on VoIP technology. www.networkworldpartners.com

OECD SME portal

Promotes entrepreneurship and advance the performance of small businesses by evaluating and diffusing best practice policies in SME development. http://www.oecd.org/department/

SME portal in Malaysia

A one stop information portal for small and medium-sized enterprises. It provides information on all aspects of SME development, including financing, advisory services, training programmes, business and networking opportunities. www.smeinfo.com.my

Technonet Asia

A cooperative network of development support institutions, aiming to enhance the quality and competitiveness of SMEs in its member countries through information, technology transfer and human resources development. http://www.idrc.ca